
【Vulnerability Alert】High-risk security vulnerabilities exist in Cisco IOS and IOS XE Software (CVE-2017-6736 to CVE-2017-6744). Please promptly verify and apply patches.

Publish date: 2025-08-18
Update date: 2025-08-18

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025080609084040
Publication Time: 2025/08/06 09:46
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/08/06 09:46
Impact Level: Medium
[Subject]
【Vulnerability Alert】High-risk security vulnerabilities exist in Cisco IOS and IOS XE Software (CVE-2017-6736 to CVE-2017-6744). Please promptly verify and apply patches.
[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202508-00000021

Researchers have discovered buffer overflow vulnerabilities (CVE-2017-6736 to CVE-2017-6744) in the SNMP functionality of Cisco IOS and IOS XE Software. A remote attacker who has obtained the SNMP community string can exploit these vulnerabilities to execute arbitrary code on the device. This series of vulnerabilities was disclosed in 2017 and added to the KEV list in 2022, and the information on affected products and mitigations was recently updated. Please promptly verify and apply patches.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
All devices using Cisco IOS and IOS XE Software with SNMP functionality enabled
[Recommended Actions]
Cisco has released official updates to remediate these vulnerabilities. Please refer to the official advisory for updates at the following URL:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp

You may use the Cisco Software Checker (https://sec.cloudapps.cisco.com/security/center/softwarechecker.x) to verify whether the current version of Cisco IOS and IOS XE Software in use is affected.
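The other half of the affected-platform condition is whether SNMP is enabled on the device. The following added example (not part of the original notice or of Cisco's advisory) inventories the `snmp-server` lines in a saved running configuration without echoing the community strings; it goes beyond the notice by also reporting each community's access mode, view and ACL. The sample configurations, the `GUESSABLE` list and the function names are constructed for illustration.

```python
# Assumption: short list of commonly guessed community strings, for illustration.
GUESSABLE = {"public", "private", "cisco", "snmp"}

# Constructed sample configurations (not taken from any real device).
SAMPLE_ENABLED = """\
hostname edge-sw1
snmp-server community public RO
snmp-server community n0c-Mon1tor view NOCVIEW RO 10
snmp-server community wr1te-Ops RW SNMP-MGMT
snmp-server location Rack 4
"""
SAMPLE_DISABLED = "hostname lab-r2\nno snmp-server\n"


def mask(secret):
    """Keep only the first character so reports never carry the full string."""
    return secret[0] + "*" * (len(secret) - 1)


def audit_snmp(config_text):
    """Return whether SNMP is configured and how each community is scoped."""
    report = {"snmp_enabled": False, "communities": []}
    for raw in config_text.splitlines():
        tokens = raw.split()
        # "no snmp-server" starts with "no", so a disabled agent is skipped here.
        if not tokens or tokens[0].lower() != "snmp-server":
            continue
        report["snmp_enabled"] = True  # any snmp-server line counts as configured
        if len(tokens) < 3 or tokens[1].lower() != "community":
            continue
        name, rest = tokens[2], tokens[3:]
        entry = {"community": mask(name), "guessable": name.lower() in GUESSABLE,
                 "access": "RO", "view": None, "acl": None}  # RO is the IOS default
        i = 0
        while i < len(rest):
            word = rest[i].lower()
            if word in ("ro", "rw"):
                entry["access"] = word.upper()
            elif word in ("view", "ipv6") and i + 1 < len(rest):
                key = "view" if word == "view" else "ipv6_acl"
                entry[key] = rest[i + 1]
                i += 1
            else:
                entry["acl"] = rest[i]  # trailing number or name is the ACL
            i += 1
        report["communities"].append(entry)
    return report
```

A device whose report shows `snmp_enabled` as true still needs its software release checked against the advisory; entries marked `guessable` or with no `acl` are the ones to review first.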
[Reference]
1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
2. https://nvd.nist.gov/vuln/detail/cve-2017-6736
3. https://nvd.nist.gov/vuln/detail/cve-2017-6737
4. https://nvd.nist.gov/vuln/detail/cve-2017-6738
5. https://nvd.nist.gov/vuln/detail/cve-2017-6739
6. https://nvd.nist.gov/vuln/detail/cve-2017-6740
7. https://nvd.nist.gov/vuln/detail/cve-2017-6741
8. https://nvd.nist.gov/vuln/detail/cve-2017-6742
9. https://nvd.nist.gov/vuln/detail/cve-2017-6743
10. https://nvd.nist.gov/vuln/detail/cve-2017-6744
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center